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Abstract. It is well-known that simple type theory is complete with respect to non- 
standard set-valued models. Completeness for standard models only holds with respect to 
certain extended classes of models, e.g., the class of cartesian closed categories. Similarly, 
dependent type theory is complete for locally cartesian closed categories. However, it is 
usually difficult to establish the coherence of interpretations of dependent type theory, i.e., 
to show that the interpretations of equal expressions are indeed equal. Several classes of 
models have been used to remedy this problem. 

We contribute to this investigation by giving a semantics that is standard, coherent, and 
sufficiently general for completeness while remaining relatively easy to compute with. Our 
models interpret types of Martin-L6f 's extensional dependent type theory as sets indexed 
over posets or, equivalently, as fibrations over posets. This semantics can be seen as a 
generalization to dependent type theory of the interpretation of intuitionistic first-order 
logic in Kripke models. This yields a simple coherent model theory, with respect to which 
simple and dependent type theory are sound and complete. 



Martin-Lof's extensional type theory f |ML84j . MLTT), is a dependent type theory. Its main 
characteristic is that there are type-valued function symbols that take terms as input and 
return types as output. This is enriched with further type constructors such as dependent 
sum and product. The syntax of dependent type theory is significantly more complex than 
that of simple type theory because well-formed types and terms and their equalities must 
be defined in a single joint induction. 

The semantics of MLTT is similarly complicated. In |See84) . the connection between 
MLTT and locally cartesian closed (LCC) categories was first established. LCC categories 
interpret contexts F as objects [rj, types in context T as objects in the slice category over 
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[r]] , substitution as pullback, and dependent sum and product as left and right adjoint to 
pullback. But there is a difficulty, namely that these three operations are not independent: 
Substitution of terms into types is associative and commutes with sum and product for- 
mation, which is not necessarily the case for the choices of pullbacks and their adjoints. 
This is known as the coherence or strictness problem and has been studied extensively. In 
incoherent models such as in [Cur89| . equal types are interpreted as isomorphic but not 
necessarily equal objects. In |Car86| . coherent models for MLTT are given using categories 
with attributes. And in |Hof94] . a category with attributes is constructed for every LCC 
category. Several other model classes and their coherence properties have been studied in, 
e.g., |Str91| and [JacDOl lJac99| . In [PitOO] . an overview is given. 

These model classes all have in common that they are rather abstract and have a more 
complicated structure than general LCC categories. It is clearly desirable to have simpler, 
more concrete models. But it is a hard problem to equip a given LCC category with choices 
for pullbacks and adjoints that are both natural and coherent. Our motivation is to find a 
simple concrete class of LCC categories for which such a choice can be made, and which is 
still general enough to be complete for MLTT. 

Mathematically, our main results can be summarized very simply: Using a theorem from 
topos theory, it can be shown that MLTT is complete with respect to — not necessarily 
coherent — models in the LCC categories of the form S£T^ for posets P, where SET 
is the category of sets and mappings. This is equivalent to using presheaves on posets as 
models, which are often called Kripke models. They were also studied in [Hof97j . For 
these rather simple models, a solution to the coherence problem can be given. SET can be 
equipped with a coherent choice of pullback functors, and hence the categories S£T^ can 
be as well. Deviating subtly from the well-known constructions, we can also make coherent 
choices for the required adjoints to pullback. Finally, rather than working in the various 
shces S£T^/A, we use the isomorphism S£T^ /A = S£T^^^^ where / pA is the category 
of elements: Thus we can formulate the semantics of dependent types uniformly in terms 
of the simple categories of indexed sets S£T^ for various posets Q. 

In addition to being easy to work with, this has the virtue of capturing the idea that a 
dependent type S in context F is in some sense a type- valued function on F: Our models 
interpret F as a poset [FJ and S as an indexed set [F|5]] : [FJ — > S£T. We speak of Kripke 
models because these models are a natural extension of the well-known Kripke models for 
intuitionistic ffist-order logic ( |Kri65| ). Such models are based on a poset P of worlds, and 
the universe is given as a P-indexed set (possibly equipped with P- indexed structure) . This 
can be seen as the special case of our semantics when there is only one type. 

In fact, our results are also interesting in the special case of simple type theory ( |Chu40j ). 
Contrary to Henkin models ([Hen50, , MS89j ). and the models given in |MM91j . which like 
ours use indexed sets on posets, our models are standard: The interpretation \r\S — > S'\ 
of the function type is the exponential of \^\S\ and jFjS"]]. And contrary to the models in 
|Fri751 [Sim95| . our completeness result holds for theories with more than only base types 
and terms. 

A different notion of Kripke- models for dependent type theory is given in |Lip92| , which 
is related to |A1187j . There, the MLTT types are translated into predicates in an untyped 
first-order language. The first-order language is then interpreted in a Kripke-model, i.e., 
there is one indexed universe of which all types are subsets. Such models correspond roughly 
to non-standard set-theoretical models. 
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Signatures S 

Contexts T 

Substitutions 7 

Types S 



■ I S, c: 5 [ S, a : (r)type 
• I r, X : 5 

. I ^ ^ X I s 

a^\l\Id{s,s') \i:^,s S' \Yi^..s S' 



Terms s 



c \ X \ * I refl{s) I (s, s') \ 7ri(s) | 7r2(s) | Xx-.s s \ s s' 



Figure 1: Basic Grammar 



We give the syntax of MLTT in Sect. [2] and some categorical preliminaries in Sect. [3l 
Then we derive the coherent functor choices in Sect. H] and use them to define the inter- 
pretation in Sect. [3 We give our main results regarding the interpretation of substitution, 
soundness, and completeness in Sect. [U El and El 



2.1. Grammar. The basic syntax for MLTT expressions is given by the grammar in Fig. [H 
The vocabulary of the syntax is declared in signatures and contexts: Signatures S declare 
globally accessible names c for constants of type S and names a for type-valued constants 
with a list T of argument types. Contexts F locally declare typed variables x. 

Substitutions 7 translate from a context F to F' by providing terms in context F' for the 
variables in F. Thus, a substitution from F to F' can be applied to expressions in context F 
and yields expressions in context F'. Relative to a signature S and a context F, there are 
two syntactical classes: types and typed terms. 

The base types are the application a 7 of a type- valued constant to a list of argument 
terms 7 (which we write as a substitution for simplicity). The composed types are the unit 
type 1, the identity types Id{s, s'), the dependent product types Ti^-sT, and the dependent 
function types Hx.s T. Terms are constants c, variables x, the element * of the unit type, the 
element refl{s) of the type Id{s,s), pairs (s,s'), projections 7ri(s) and 7r2(s), A-abstractions 
Xx:S s, and function applications s s'. We do not need equality axioms s = s' because they 
can be given as constants of type Id{s, s'). For simplicity, we omit equality axioms for types. 

Our formulation of MLTT only uses types and terms. This is different from variants of 
dependent type theory with kinded type families as in |Bar92j and [HHP93]. In particular, in 
our formulation, the constants a are the only type families, and a itself is not a well-formed 
expression. All our results extend to the case with kinded type families (see |Rab08j ). 

Definition 2.1 (Substitution Application). The application of a substitution 7 to a term, 
type, or substitution is defined as follows where 7^ abbreviates 7,x/x. 
Substitution in terms: 



2. Syntax 



7(c) 
7(x) 

7(*) 



c 



s 



* 



for x/s in 7 



l{refl{s)) 
7(7ri(s)) 

lif s) 



(lis), lis')) 

7ri(7(s)) 

7r2(7(s)) 



l{f) l{s) 
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Judgment 


Intuition 


hSSig 

hs r ctx 
hs 7 : r ^ r' 

r hs 5" : type 

r hs 5 = 5' 

r hs s : 5 

r hs s = s' 


S is a well-formed signature 

r is a well-formed context over S 

7 is a well-formed substitution over S from F to V 

S" is a well-formed type over E and T 

types S and S' are equal over S and T 

term s is well-formed with type S over S and F 

terms s and s' are equal over S and F 



Figure 2: Judgments 



Substitution in types: 

7(1) 

lild{s,s')) 
7(a 7o) 

Substitution in substitutions: 
7(-) 

I, . . . , Xji/ Sji ) 



7-(T) 



a 7(70) 



n 



xi/7(si),...,x„/7(s„) 

Substitution in substitutions is the same as composition of substitutions, and we write 70 5 
instead of j{5). 



2.2. Type System. The judgments defining well-formed syntax are listed in Fig. [2j The 
typing rules for these judgments are well-known. Our formulation follows roughly |See84] . 
including the use of extensional identity types. The latter means that the equality judgment 
for the terms s and s' holds iff the type Id{s, s') is inhabited. 

Example 2.2. The theory Cat of categories is given by declaring type-valued constants Ob 
and Mor and term-valued constants id and comp such that the following judgments hold 















Ob 


■■ type 


X 


Ob, y: 


Ob 








Mor X y 


: type 


X 


Ob 










id X 


: Mor X x 


X 


Ob, y: 


Ob, 


z : 


Ob, 










g : Mor 


y z, 


/ 


Mor X y 




9° f 


: Mor X z 


w 


: Ob, x: 


Ob, 


y 


Ob, z : Ob, 










f : Mor 


W X 


, 9 


: Mor X y, h 


Mor y z hcat 


ho{go f) 


= {hog) of 


X 


Ob, y: 


Ob, 


f- 


Mor X y 




f id X 


= / 


X 


Ob, y: 


Ob, 


f- 


Mor X y 


^Cat 


idyof 


= / 



Here we have used two common abbreviations, (i) Mor is declared as Mor : {x : Ob, y : 
Ob)type, and we abbreviate the type application Mor x/s, y/t as Mor s t. (ii) o is declared 
as a constant 

o : ^x:Ob^y:Ob^z:Ob^g:Mor y z^f:Mor X y Mor X Z 
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and we abbreviate o x y z g f as g o f. This is unambiguous because the values of the first 
three arguments can be inferred from the types of the last two arguments. 

The axioms of a category are declared using the Curry-Howard equivalence ( |CF58[ 
IHow80| ) of MLTT and intuitionistic first-order logic without neg ation f |See84p . For exam- 
ple, to obtain right-neutrality, we declare a constant 



neutr 



^x:Ob '^y.Ob n/:Mor x y Id{f o id X, f) 



Such a constant yields the corresponding equality judgment above using Rule e/^^^. from 
Fig. 1 

The rules for signatures, contexts, and substitutions are given in Fig. [3l A signature is a 
list of declarations of type- valued constants a or term constants c. For example, a: (r)type 
means that a can be applied to arguments with types given by F and returns a type. The 
domain of a signature is defined by dom(-) = 0, dom(S,a: (F)type) = dom(S) U {a}, and 
dom(S,c:5) = dom(S) U {c}. 

Contexts are similar to signatures except that they only declare variables ranging over 
terms. The domain of a context is defined as for signatures. A substitution from F to F' is 
a list of terms in context F' such that each term is typed by the corresponding type in F. 
Note that in a context xi:Si, . . . ,Xn-Sn, the variable Xi may occur in Si^^i^ • • • 5 *^n* 



h S Sig • hs : type c dom(S) 
h • Sig ' \-T,,c:S S±g 



h T, Sig hs F' Ctx a ^ dom(S) 



h i;,a:(F')type Sig 



h S Sig hs F Ctx F hs 5" : type x dom(F) 

r. Pt 



\-T, ■ Ctx 



\-y, r,x:S Ctx 



hs F' Ctx 



a. 



v 



hs7:r^F' Fhs5:type F' hs s : 7(5) 
\~T: 7,x/s : T,x: S ^ T' 



Figure 3: Signatures, Contexts, Substitutions 

Fig. S] gives the formation rules for types. In context F, an application a 70 of a type 
constructor a : (Fo)type to a substitution 70 from Fq into F, means that 70 provides a list 
of terms as arguments to a. 

Fig. [5] gives the term formation rules. For the case where only one variable is to be 
substituted in an expression e in context T,x:S, we define 

e[x/s] := (idr,x/s)(e). 

We have the following subexpression property: F hs s : implies F hs 5 : type implies 
F Ctx implies h S Sig. 
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a : (ro)type in S hs 7o : Tq 
r hs a 7o : type 



- app 



\-y. r CtX 



r hs 1 : type 



T , X : S T : type 
r hs T.^:sT : type 



r hs s : 5 r hs s' : 5 
r /(i(s, s') : type 



'«{-,-) 



T,x:S Is T : type 
r hs na;:sr : type 



Tu 



Figure 4: Types 



c:S in Ti l~s T Ctx 
r hv c : 5 



hs r ctx 

r hv * : 1 



hy; r Ctx X : 5 in r 



X : S 



r hv s : 5 



r hs refl{s) : Id{s,s) 



.t 



refli-) 



T\-j:s:S r, x : 5 hs T : type T t : T[x/s] 



r hv n : S 



SIS' - 



r hs 7ri(u) : S 



r hs 7r2(M) : r[x/7ri(s)] 



r,x:5 hs t : r 

r hs Aa;:5 t : n^,:^ T 



tx 



rhs/:n^:5r rhsg:g 
r hs / s : r[x/s] 



app 



Figure 5: Terms 



Fig. [6] gives the congruence and conversion rules for the equality of terms, ry-conversion, 
reflexivity, symmetry, transitivity, and congruence rules for the other term constructors are 
omitted because they are derivable or admissible. In particular, 7/-conversion is implied by 
functional extensionality ejuncext- The rules have extra premises ensuring well-formedness 
of subexpressions, but these are elided for ease of reading, i.e., we assume that all terms 
occurring in Fig. [6] are well- formed without making that explicit in the rules. 

Finally, Fig. [7] gives a simple axiomatization of the equality of types. Note that equality 
of types is decidable iff the equality of terms is. 
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Th^v : Id{s,s') Thj^v : Id{s,s') T hj: v : Id{s, s') 

^Id(—,—) ^id—uniq 



T^y,S = s' 



T \-yV = v' 



rhs5:l 

ThyS = * 



r hs (7ri(n),7r2(n)) = u 



r 1-2 {Xx:St) S = t[x/s] 



■e/3 



T^j,fs = f's' 



^app 



r hs / = /' 



■ ('funcext 



r hs s' : S' 



Figure 6: Equality of Terms 



7 =X1/S1,...,X„/S„ _ / r • 1 

^, ^ / , r hs Sj = Sj tor « = 1, . . . , n 



r\-yi = i 



r hs a 7 = a 7' 



r hs Si = s[ Thy S2 = s'2 

r hs Id{si,S2) = S2) 



rhs5 = 5' r,x:ShyT = T' ThyS = S' T,x:ShyT = T' 



Ey 



En 



Figure 7: Equality of Types 

Parallel to Def . 12.11 we obtain the following basic property of substitutions by a straight- 
forward induction on derivations: 



Lemma 2.3. Assume 7 : T — >• T'. Then: 
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if hs 5 : A ^ r then hs 7 o 5 : A ^ T', 
if r hs 5" : type then T' 7(5*) : type, 
if rhss:5 then F hs 7(s) : 7(5). 

3. Categorical Preliminaries 

In this section, we repeat some well-known definitions and results about indexed sets and 
fibrations over posets (see, e.g., |Joh02] ). We assume the basic notions of category theory 
(see, e.g., [Mac98] ). We use a set-theoretical pairing function {a,b) and define tuples as 
left-associatively nested pairs, i.e., (oi, a2, . . . , a^) abbreviates (. . . (oi, 02), . . . , a„). 

Definition 3.1 (Indexed Sets). VOS8T denotes the category of partially ordered sets. We 
treat posets as categories and write p < p' for the uniquely determined morphism p ^ p' . If 
P is a poset, SET^ denotes the category of functors P — > SET and natural transformations. 
These functors are also called P-indexed sets. 

We denote the constant P-indexed set that maps each p E P to {0} by Ip. It is often 
convenient to replace an indexed set A over P with a poset formed from the disjoint union 
of all sets A(p) for p £ P. This is a special case of the category of elements, a construction 
due to Mac Lane ( |MM92j ) that is sometimes also called the Grothendieck construction. 

Definition 3.2 (Category of Elements). For an indexed set A over P, we define a poset 
/ pA := {{p, a) \ pe P,ae A{p)} with 

(p, a) < {p, a') iff p < p and A{p < p'){a) = a' . 

We also write JA instead of JpA if P is clear from the context. 

Using the category of elements, we can work with sets indexed by indexed sets: We 
write P\A if A is an indexed set over P, and Pjyl|P if additionally B is an indexed set over 
JpA, etc. 

Definition 3.3. Assume P\A\B. We define an indexed set P\{A k B) by 

{A X B){p) = {{a,b) I a e A{p),b G B{p,a)} 

and 

{AkB){p<p') : (a, 6) ^ {a',B{{p,a) < (p',a')){b)) (or a' = A{p < p'){a). 
And we define a natural transformation irp : A t< B ^ Ahy 

{itb)p ■■ ia,b) ^ a. 

The following definition introduces discrete opfibrations; for brevity, we will refer to 
them as "fibrations" in the sequel. Using the axiom of choice, these are necessarily split. 

Definition 3.4 (Fibrations). A fibration over a poset P is a functor f : Q ^ P for a 
poset Q with the following property: For all p' £ P and q £ Q such that f{q) < p' , there 
is a unique q' £ Q such that q < q' and f{q') = p' ■ We call / canonical iff / is the first 
projection oi Q = fpA for some P\A. 

For every indexed set A over P, the first projection fpA ^ P is a (canonical) fibration. 
Conversely, every fibration f : Q P defines an indexed set over P by mapping p G P to 
its preimage f~^{p) C Q and p < p' to the obvious function. This leads to a well-known 
equivalence of indexed sets and fibrations over P. If we only consider canonical fibrations, 
we obtain an isomorphism as follows. 
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Lemma 3.5. If we restrict the objects of VOSET / P to be canonical fibrations and the 
morphisms to be (arbitrary) fibrations, we obtain the full subcategory Fib(i-*) ofVOSST/P. 
There are isomorphisms 

F(-) : S£T^ Fib(P) and /(-) : Fib(P) ^ S£T^ . 

Proof. It is straightforward to show that Fib(P) is a full subcategory: The identity in 
VOSST and the composition of two fibrations are fibrations. Thus, it only remains to 
show that if / o = /' in VOS8T where / and /' are fibrations and 93 is a morphism in 
VOSST, then (p is a fibration as well. This is easy. 

For A : P ^ SET, we define the fibration F{A) : J pA — )■ P by (p, a) 1— >• p. And for a 
natural transformation r] : A ^ A' , we define the fibration F{r]) : / pA — )• / pA' satisfying 
F{A) o F{rj) = F{A') by (p, a) ^ (p, rjp{a)). 

For f : Q —?■ P, we obtain an indexed set using the fact that / is canonical. More 
concretely, we define I{f){p) ■= {a \ f{p,a) = p} and I{f){p < p') : a ^ a' where a' 
is the uniquely determined element such that {p, a) < {p',a') € Q. And for a morphism 
(p between fibrations f : Q —?■ P and f ■ Q' ^ P, we define a natural transformation 
/((/?) : /(/) — )• /(/') by I{^p)p : a ^ a' where a' is such that ip{p, a) = [p, a'). 

Then it is easy to compute that / and F are mutually inverse functors. □ 

Definition 3.6 (Indexed Elements). Assume P\A. The P-indexed elements of A are given 
by 

Elem(74) := {{op G A{p))^^p \ Qpi = A{p < p){ap) whenever p < p'}. 

Then the indexed elements of A are in bijection with the natural transformations Ip 
A. For a € Elem(^), we will write F(a) for the fibration P — )• JA mapping p to {p,ap). 
F{a) is a section of F(A), and indexed elements are also called global sections. 

Example 3.7. We exemplify the introduced notions by Fig. [HI P is a totally ordered set 
visualized as a horizontal line with two elements pi <P2 ^ P- For P\A, JA becomes a blob 
over P. The sets A(pi) correspond to the vertical lines in J A, and S A{pi). The action of 
A{p < p') and the poset structure oi fA are horizontal: If we assume A{pi < P2) ■ ai 02, 
then (pi,ai) < (^2,02) in JA. Finally, the action of F{A) is vertical: F{A) maps {pi,ai) to 
Pi. Note that our intuitive visualization is not meant to indicate that the sets A{pi) must 
be in bijection or that the mapping A{pi < P2) must be injective or surjective. 

Similarly, for fB becomes a three-dimensional blob over fA. The sets B{pi, Oj) 

correspond to the dotted lines. Again the action oi B[{pi,ai) < (p2,«2)) and the poset 
structure of fB are horizontal: 

bi G B{pi, Oi) and B{{pi,ai) < {p2, 02)) : 61 1-^ 62 

and F{B) projects vertically from JB to J A. 
Similarly, we have 

{ai,bi) £ {At< B){pi) and (A x P)(pi < P2) : («!, ^1) ^ (02, ^2) 

Thus, the sets {A\KB){pi) correspond to the two-dimensional gray areas. The sets / p{A t< B) 
and / JpaB are isomorphic, and their elements differ only in the bracketing: 

{pi, iai,bi)) £ Jp{A X B) and {{pi, Oj), bi) G IjpaB. 

Up to this isomorphism, the projection F{A k B) is the composite F{A) o F{B). 
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Indexed elements a G Elem(A) are families {ap)p^p and correspond to horizontal curves 
through / A such that F{a) is a section of F{A). Indexed elements of B correspond to two- 
dimensional vertical areas in JB (intersecting each line parallel to the dotted lines exactly 
once), and indexed elements of ^ x i3 correspond to horizontal curves in JB (intersecting 
each area parallel to the gray areas exactly once). 

Finally the condition that indexed elements are natural transformations can be visu- 
alized as follows: The indexed elements a G Elem(A) are exactly those horizontal curves 
that arise if a line is drawn from (p, a) to {p',a') whenever {p,a) < {p',a'). There may be 
multiple such curves going through a point (p, a) , but they must coincide to the right of 
{p, a). Moreover, (p, a) < (p', a') holds iff {p, a) is to the left of {p', a') on the same curve. In 
particular, if P has a least element po, we obtain exactly one such curve for every element 
oiA{po). 



J{A KB)^jB^ 




P 



Pi 



F{A) 



fyi G B{pi tti), B{{pi,ai) < (P2,a2)) = &2 
{pi,ai,bi) < {p2,a2,b2) 
{ai,bi) G (A X B){pi) 



0-2) a-i G A{Pi)^ Mpi < P2)(ai) = 02 
{Pi,ai) < {P2,a2) 



Pi < P2 



Figure 8: Indexed Sets and Fibrations 



Example 3.8. Let Sign be the set of well- formed signatures of MLTT (or of any other 
type theory for that matter). Sign is a poset under inclusion C of signatures. Let Con(Y,) 
be the set of well-formed contexts over S, and let Con(S C T,') : Con(S) ^ Con{T,') be an 
inclusion. Then Sign\Con, and the tuple assigning the empty context to every signature is 
an example of an indexed element of Con. 

! Sign Con is the set of pairs (S,r) such that hs F Ctx, and (5],r) < (S',F') iff S C S' 
and F = F'. Let Typ{'E,T) be the set of types S such that F hs 5" : type. Typ becomes an 
indexed set Sign\Con\Typ by defining Typ{{Y!,,T) < (S',F)) to be an inclusion. The tuple 
assigning 1 to every pair (S, F) is an example of an indexed element of Typ. 

We will use Lem. 13.51 frequently to switch between indexed sets and fibrations, as 
convenient. In particular, we will use the following two corollaries. 
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Lemma 3.9. Assume P\A. Then 

Elem(^) ^ Hompib(P)(idp, F{A)) = {f:P^JpA\ F{A) o / = idp}. 

and 

S£T^/A ^ S£T^^ 

Proof. Both claims follow from Lem. 13.51 by using Elem(A) = Hom^£;^p(lp, ^) as well as 
Yih{P)/F{A) ^ Fib(/pA), respectively. □ 

Finally, as usual, we say that a category is locally cartesian closed (LCC) if it and all 
of its slice categories are cartesian closed (in particular, it has a terminal object). Then we 
have the following well-known result. 

Lemma 3.10. S£T^ is LCC. 

Proof. The terminal object is given by Ip. The product is taken pointwise: A x B : p 
A{p) X B{p) and similarly for morphisms. The exponential object is given by: B"^ : p i-^ 
Hom^^^pp {A^, BP) where AP and B^ are as A and B but restricted to P^ := {p' G P \ p < 
p'}. B^{p < p') maps a natural transformation, which is a family of mappings over P^, to 
its restriction to P^ . This proves that SEF^ and so also Fib(P) is cartesian closed for any 
P. By Lem. 13.91 obtain the same for all slice categories. □ 



4. Operations on Indexed Sets 

Because S£T^ is LCC, we know that it has pullbacks and that the pullback along a fixed 
natural transformation has left and right adjoints (see, e.g., |Joh02) ). However, these func- 
tors are only unique up to isomorphism, and it is non-trivial to pick coherent choices for 
them. 

Pullbacks. Assume P\Ai and P\A2 and a natural transformation h : A2 ^ Ai. The pullback 
along /i is a functor S£T^/Ai S£T^ jA^. Using Lem. EH we can avoid dealing with 
slice categories of S£T^ and instead give a functor 

which we also call the pullback along h. The functor h* is given by precomposition: 

Definition 4.1. Assume Ai and A2 indexed over P, and a natural transformation h : A2 —?■ 
Ai. Then for B G S£T^^\ we put 

h*B ■.= BoF{h) G S£T^^\ 

where, as in Lem. 13.51 F{h) : J pA2 — > / pAi. The action of h* on morphisms is defined 
similarly by composing a natural transformation P : B ^ B' with the functor F{h): h*f3 : = 
/3 o F{h). Finally, we define a natural transformation between P-indexed sets by 

/i X P : A2 X h*B AiK B, {h tK B)p : {02, b) ^ (/ip(a2), b). 

The application of /i x i? is independent of B, which is only needed in the notation to 
determine the domain and codomain of h x B. 
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Lemma 4.2 (Fullbacks). In the situation of Def.^4jj\ the following is a pullback in SET 



h\xB 

A2 X h*B > AikB 



■Kb 



V 

A2 



h 



A, 



Furthermore, we have the following coherence properties for every natural transformation 
g-.As^ A2: 

{idAi)*B = B, idAi tx B = id^ixB, 
(/i o gYB = g*{h*B), (hog) IX B = {hx B)o{g K h*B). 

Proof. The following is a pullback in VOSET: 

F(h X B) F(h tK B) 
JA2 X h*B > Ui X B {p, (a2, 6)) H >\p, (/ip(a2), b)) 



IA2 



F{TTh*B) F{ttb) 
F{h) 



Ml 



F{T:h*B) F{ttb) 
F{h) 

(p,a2) I > {p,hp{a2)) 



If we turn this square into a cocone on P by adding the canonical projections -^(^2) and 
F{Ai), it becomes a pullback in Fib(P). Then the result follows by Lem. [331 The coherence 
properties can be verified by simple computations. □ 

Equivalently, using the terminology of [PitOOj . we can say that for every P the tuple 

{S£T^,S£r^^,AK B,TTB,h*B,hK B) 

forms a type category (where A, B, h indicate arbitrary arguments). Then giving coherent 
adjoints to the pullback functor shows that this type category admits dependent sums and 
products. 

Adjoints. To interpret MLTT, the adjoints to h* , where h : A2 ^ Ai, are only needed if h 
is a projection, i.e., Ai := A, A2 := A x B, and h := ttb for some Pjj4|i?. We only give 
adjoint functors for this special case because we use this restriction when defining the right 
adjoint. Thus, we give functors 

Cb,TZb ■■ SSr^^"^ S£T^^ such that Cb H t^b* H TIb 

in Def. 14.31 and 14.61 respectively. These functors will satisfy the coherence properties 

g*{CBC) = Cg*B{g^ByC and g*{nBC) =ng*B{g ^ BfC 

for every g : A' ^ A, which we prove in Lem. 14.41 and 14.71 respectively. 

Definition 4.3. We define the functor Cb as follows. For an object C, we put CbC := 

B tK (C o assoc) where assoc maps elements {{p,a),b) G JB to {p, (a, 6)) G JAt< B; and for 
a morphism, i.e., a natural transformation r] : C C, we put 

{^Br])(p,a) ■■ ib,c) H> {b,r](p,{a,b)){c)) for {p,a) £ JA. 
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Lemma 4.4 (Left Adjoint). Cb is left adjoint to ttb* ■ Furthermore, for any natural trans- 
formation g : A' ^ A, we have the following coherence property (the Beck-Chev alley condi- 
tion) 

g*{CBC) = Cg,B{g^ByC. 

Proof. It is easy to show that jC_b is isomorphic to composition along vr^, for which the 
adjointness is weh-known. In particular, we have the following diagram in 



{AkB)kC 



A X CbC 




The coherence can be verified by direct computation. □ 

The right adjoint is more complicated. Intuitively, IZbC must represent the dependent 
functions from B to C. The naive candidate for this is Elem((7) = Hom(lj5,C) (i.e., 
Hom(i3, C) in the simply-typed case), but this is not a / ^-indexed set. There is a well-known 
construction to remedy this, but we use a subtle modification to achieve coherence, i.e., the 
corresponding Beck-Chevalley condition. To do that, we need an auxiliary definition. 



Definition 4.5. Assume P|^|-B, P\{A v. B)\C, and an element x :- 
A^ G S£T^ and a natural transformation i^ : — )• j4 be given by 



{p,a) e jA. Let 



A-{p') 




if p < p' 
otherwise 



■.0^A{p<p'){a). 



Then we define indexed sets P\A^\B^ and P\{A^ x B^)\C^ by: 

5^' := f*B, := (i^' K B)*C 

and put d^ := fA^ K B^ for the domain of C^. 

Note that A^ is the Yoneda embedding of p in S£T^. The left dia gram in Fig. [9] shows 
the involved P- indexed sets, the right one gives the actions of the natural transformations 
for an element p' ^ P with p < p'. Below it will be crucial for coherence that B^ and 
contain tuples in which a' is replaced with 0. 

Definition 4.6. Assume P\A\B. Then we define the functor TZb : SST^'^'^^ S£T^^ as 
follows. Firstly, for an object C, we put for x € jA 

{TZbC){x) := Elem(C^). 

In particular, / G {TZbC){x) is a family {fy)yi^d'^ with fy G C^{y). For x < x' ^ J A, we 
have d^ ^ d^' and put 

{TZbC){x < x') : ify)y(zd- ^ ify)yed-'- 
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(i^' K B)kC 

(^^ >< 5^') K > {A^B)^C (0, b', c') ^ (a', 6', c') 



TTc 



TTb 



V 







(0,60 I >(.a',b') 

X := {p, a) 
a' := A{p < p'){a) 



Figure 9: The Situation of Def. 14.5 



Secondly, for a morphism, i.e., a natural transformation rj : C ^ C, we define TZbtj : 
TZbC — )• TZbC as follows: For x := {p,a) S J A and / € {TZbC){x), we define /' := 
(TlBvUf) e (7^BC")(x) by 

f{p',{0,b')) ^(P',(a',b'))(/(p'.(0,f''))) ^')) e d"" and a' := A{p < p'){a). 

Lemma 4.7 (Right Adjoint). TZb is right adjoint to ttb*- Furthermore, for every natural 
transformation g : A' ^ A, we have the following coherence property 

g*{nBC) = ng,B{g^B)*c. 

Proof. Assume P\A\B, P\A x B\C, and x = {p,a) e JA. Let y{x) £ S£T^^ be the 
covariant representable functor of x mapping x' G fA to a singleton iff x < and to the 
empty set otherwise. Since we know the right adjoint exists, we can use the Yoneda lemma 
for covariant functors to derive sufficient and necessary constraints for 7^^ to be a right 
adjoint: 

{nBC){x) ^ Hom5^^M(y(x),7eBC) ^ Hom^^^/A.s (7rB*y(x), C7) 

^HomFib(M><B)(i^(vrB*y(x)),F(C7)). 

Let i^' be as in Def. 14.51 Let Fib'(Q) be the category of (not necessarily canonical) fibrations 
on Q. Then it is easy to check that F{v^ k B) seen as a fibration with domain (F and 
F{'KB*y{x)) are isomorphic in Fib'(/^ x B). (They are not isomorphic in Fib(/i?) because 
the former is not canonical and thus not an object of Fib(/i?).) Using the fullness of Fib((5), 
we obtain 

{nBC){x) ^ HomFib'(MKB)(i"(i" x B),F{C)) 
= {f -.d- ^ !C\F{C)of = F{f KB)}. 
And using the definition of as a puUback, we obtain 

(7^BC)(x) ^ {/ : ^ /C" I F{C') o f = idrf4 ^ Elem(C"). 

And this is indeed how TZbC \s defined. The value oUZbC on morphisms is verified similarly. 

To show the coherence property, we assume P\A' , g : A' ^ A, and x' := {p,a') € JA'. 
We abbreviate as follows: a := gp{a'), x := {p,a), B' := g*B, and C := {gt<B)*C. 
Furthermore, we write i^ , A"" , B"" , and C"^ according to Def. SSI Note that A"" = A"" . 

Now coherence requires g*TZBC = TZb'C . And that follows if we show that 



B 



Ix' 



and C 



Ix' 



KRIPKE SEMANTICS FOR MARTIN-LOF'S EXTENSIONAL TYPE THEORY* 



15 



Using Lem. 14.21 this follows from goi^ = i^, which is an equality between natural transfor- 
mations from = A'^ to A in S£T^ ■ And to verify the latter, assume o (z P. The maps 
Qo o i^ and i^ have domain or {0}. In the former case, there is nothing to prove. In the 
latter case, put 

a'^ ■= -f^ {0) = A' {p < o){a') and ao := 'fo{0) = A{p < o){a). 

Then we need to show goio-'o) = ^o- And that is indeed the case because of the naturality 
of g as indicated in 

A'{p < o) 
a' I > a„ 



9p 



a h 



A{p < o) 



□ 

Example 4.8 (Continuing Ex. 13. Sp . The S'ign-indexed set Con x Typ maps every MLTT- 
signature S to the set of pairs (F, S) such that F 5 : type. The projection irxyp is a 
natural transformation Con x Typ — > Con such that {'KTyp)T. '■ (r,^) i-?- F. 

We define Tm such that Sign\{Con x Typ)\Tm: The set rm(S, (F,^)) contains the 
terms s such that F hs s : S*. Tm((S, (F, S)) < (S', (F, S))) is an inclusion. 

Then we have Sign\Con\CTypTm, and CxypTm maps (S,F) to the set of pairs {S,s) 
such that T \—£ s : S. 

To exemplify Def. 14.51 fix an element x = (S, F) G fsignCon. Then we have if;/(0) = F 
for every S C S'. Typ^ maps the pair (S', 0) where S C S' to Typ{Ti' , i|;, (0)) = Typ{Ti' , F). 
If 5 G TOT(S',i|,(0)), then Tm^ maps (S', (0,5)) to the set Tmi^' , (if,, (0), 5)). 

Now we have Sign\Con\R,TypTm, and TZrypTm maps (S,F) to the set of indexed ele- 
ments of Tm^. Those are the families that assign to every (S', (0,5)) a term S(s',(0,5)) & 
Tm^iTj' , (0,5)) = Tm{T,', (F,5)) such that S(s',(0,5)) = ■S{s",{0,S')) whenever S' C S". 

Above, we called Elem(C) the naive candidate for the right adjoint, and indeed the 
adjointness implies Elem(7^BC) = Elem(C). We define the isomorphisms explicitly because 
we will use them later on: 

Lemma 4.9. Assume P\A\B and P\{A t< B)\C . For t G Elem(C) and x := {p,a) E JA, let 
G Elem(C^) be given by 

{t'')ip',{0,b')) = t{p',{a',b')) where a' := A{p < p'){a). 

And for f G Elem(7^BC) and x := {p,{a,b)) G JA x B, we have f(p^a) € Elem(C^); thus, 
we can put 

r ■= if{p,a)){p,(0,b)) e C{p,{a,b)). 
Then the sets Elem(C) and Elem(7^BC) are in bisection via 

Elem(C) 3 t (t'^)a;G/A G Elem(7^BC) 

and 

Elem(7^BC) 3 f '^^^ (rUfAxB G Elem(C). 
Proof. This follows from the right adjointness by easy computations. □ 



16 



S. AWODEY AND F. RABE 



Intuitively, sp(t) turns t € Elem(C) into a /^-indexed set by splitting it into compo- 
nents. And am(/) amalgamates such a tuple of components back together. Syntactically, 
these operations correspond to currying and uncurrying, respectively. 

Then we need one last notation. For P\A, indexed elements a € Elem(74) behave 
like mappings with domain P. We can precompose such indexed elements with fibrations 
/ : Q — 7> P to obtain Q-indexed elements of Elem(j4 o /). 

Definition 4.10. Assume P\A, f : Q ^ P, and a G Elem(^). a * f £ Elem(^ o /) is 
defined by: (a * f)g := aji^q) for q £ Q. 

5. Semantics 

Using the LCC structure developed in Sect. [H the definition of the semantics is straightfor- 
ward and well-known. To demonstrate its simplicity, we spell it out in an elementary way. 
The semantics is defined by induction on the derivations of the judgments listed in Fig. [2l 

Firstly, for every signature h T, Sig, we define models /, which provide interpretations 
fcl^ and [aj^ for all symbols declared in S. The models are Kripke- models, i.e., a S-model 
/ is based on a poset P^ of worlds. 

Secondly, / extends to an interpretation function [[— which interprets all S-expressions. 
We will omit the index / if no confusion is possible. |— ]] is such that 

• if hs r Ctx, then fTj is a poset (which has a canonical projection to P), 

• if hs 7 : r ^ r', then [7]] : [[F'] — )• [F] is a monotone function, 

• if F hs S" : type, then lT\S} is an indexed set on [F], 

• if F hs s : S, then [[F|s]] is an indexed element of IFISJ. 

Thirdly, the judgments T S = S' and F hs s = s' correspond to a soundness result, 
which we will prove in Sect. [71 

The poset P of worlds plays the same role as the various posets [FJ — it interprets 
the empty context. In this way, P can be regarded as interpreting an implicit or relative 
context. This is in keeping with the practice of type theory (and category theory), according 
to which closed expressions may be considered relative to some fixed but unspecified context 
(respectively, base category). 

For a typed term F hs s : S, both |F|s]] and [[FIS"] are indexed over [FJ. If F = 
xi : Si,...,Xn ■ Sn, an element of [F] has the form (p, (ai, . . . , a„)) where p G P and 
Oj E [xi : Si, . . . , Xi-i : Si-i\Sil{p, {ai, . . . ,ai-i)). Intuitively, Oj is an assignment to the 
variable Xi in world p. And if an assignment {p, a) is given, the interpretations of s and S 
satisfy |F|s]]^p^.| G [FIS]] (p, a). This is illustrated in the left diagram in Fig. [TOl 

If 7 is a substitution F — )• F', then [7] maps assignments {p, a') G fT'J to assignments 
(p, q) G it}. And a substitution in types and terms is interpreted by pullback, i.e., compo- 
sition. This is illustrated in the right diagram in Fig. [TOl whose commutativity expresses 
the coherence. We will state this more precisely in Sect. [6l 

Sum types are interpreted naturally as the dependent sum of indexed sets given by the 
left adjoint. And pairing and projections have their natural semantics. Product types are 
interpreted as exponentials using the right adjoint. A A-abstraction Xx-st is interpreted by 
first interpreting t and then splitting it as in Lem. 14.91 And an application f s is interpreted 
by amalgamating the interpretation of / as in Lem. 14.91 and using the composition from 
Def.TOl 
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iir|5i 

mm) ri7(5)i\ Am 

SET 

Figure 10: Semantics of Terms, Types, and Substitution 

Definition 5.1 (Models). For a signature S, Ti-models are defined as follows: 

• A model I for the empty signature • is a poset . 

• A model / for the signature S, c : S consists of a S-model /s and an indexed element 

[cf GElem([.|5f^). 

• A model I for the signature S,a: (ro)type consists of a S-model Is and an indexed set 
{af over iFof^. 

Definition 5.2 (Model Extension). The extension of a model is defined by induction on 
the typing derivations. Therefore, we can assume in each case that all occurring expressions 
are well-formed. For example in the case for [[r|/ sj, / has type lix-.sT and s has type S. 

• Contexts: The elements of the poset |a;i : ^i, . . . , a;„ : S-n\ are the tuples {p, (ai, . . . , o„)) 
such that 

ai £ i-\Sij{p,0) 

an e {xi : ■Sn-l\Snj{p, (Ol, • • ■,an-l)) 

In particular |-| = P x {0}. The ordering of this poset is inherited from the n-times 

iterated category of elements, to which it is canonically isomorphic. The first projection 
from |r| is a canonical fibration, and we write /(|r|) for the corresponding indexed set. 

• Substitutions 7 = xi/si, . . . , Xn/sn from F to F': 

l7l : {p, a') ^ {p, (r kil(p,a')' • • • ' lr'knl(,,«o)) fo"^ (P^ ^ ir'l 
We write /([7I) for the induced natural transformation /([F'|) I(|r|). 

• Basic types: 

lF|a7ol := H o I70I 

• Complex types: 

|r|ll(p,a) :={0} 

|r|M(...')l(,.,<.) « iri'l...") = 

I otherwise 
m^r.sTj :=%|5ilF,x:5|Tl 

[Fin^.sTi ■.= np^s}ir,x:S\Tj 

|F|1| and |r|/d(s, s')]] are only specified for objects; their extension to morphisms is 
uniquely determined. 



18 



S. AWODEY AND F. RABE 



• Basic terms: 



{xi'-Si, . . . 




'ai,...,a„)) 



• Complex terms: 



lT\reflis)j 

ir\x^:st} 



l{p,o) 



Ui where [r | u] = (ai , a2 ) 
sp([r,x:5|tl) 

am{lT\fj)*{assocoF{lT\sj)) 











Here assoc maps {{p,a),a) to (p, (a, a)). 

Since the same expression may have more than one well-formedness derivation, the well- 
definedness of Def. I5.2l must be proved in a joint induction with the proof of Thm. ET] below 
(see also |Str91] ). And because of the use of substitution, e.g., for application of function 
terms, the induction must be intertwined with the proof of Thm. 16.11 as well. 

Example 5.3 (Continuing Ex. 12. 2p . A model of the signature Cat over an indexing poset 
P is the same thing as a functor from P into CAT, the category of (small) categories. In 
more detail, assume a poset P and a functor F : P ^ CAT- Then we obtain a model of 
the signature Cat as follows: 

• The underlying poset is P. 

• [06] is the indexed set over P mapping 

• every p € P to the set of objects of F(j)), 

• every morphism p < p' to the object-part of F{p < p'). 

• |x : Ob, y : Ob} is a poset containing tuples (p, (a, b)) for a,b € F{p). We obtain {p, (a, b)) < 
Ip', {a',b')) iSp <p' and a' = F{p < p'){a) and b' = F{p < p'){b). Then {Mor} is the 
indexed set over \x:Ob,y: Ob\ mapping 

• every {p, {a,b)) to the set Homp(p)(a, 6), 

• every [p, {a,b)) < {p' , {a',b')) to the morphism part of F{p < p') restricted to a map 
from Hom^(p)(a, 6) to Homp(p/)(a', 6'). 

• Next we define \id\ € Elem(|- lllj.. o;, Mor x x]) as sp(e) (using Lem. 14. 9p where e G 
Elem([[x : Ob\Mor x x}) is defined as follows, [[x : Ob\Mor x xj maps {p,a) for a G 
[[•|06](p) to the set Homp(p)(a, a), and we put e(p^a) := ida. 

Because F is a functor, we have 



Therefore, e is indeed an indexed element. 

• comp is interpreted as composition in F{p) in the same manner as id applying Lem. 14.91 
five times. 

• The interpretations of the constants representing axioms such as neutr are uniquely de- 
termined. And they exist because all F{p) are categories. 



[x: Ob\Mor x xj{{p,a) < {p,a)){ida) = ida'- 
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6. Substitution Lemma 

Parallel to Lem. 12.31 we obtain the following central result about the semantics of substi- 
tutions. It expresses the coherence of our models. 

Theorem 6.1 (Substitution). Assume 7 : F ^ F'. Then: 

if He 5 : A ^ r then t o 5j = I6j o [7], 

if rhs^rtype then ^17(^)1 = [r|51 o [7], 

if r^j,s:S then |7(s)l = [r|sl * [7I . 



Before we give the proof of Thm. 16.11 we establish some auxiliary results: 

Lemma 6.2. Assume 7 : L — )■ L' and T hj] S : type and thus also 

l~s "y,x/x : T,x:S — )• T',x:j{S) . 

Furthermore, assume the induction hypothesis of Thm. \6.1\ for the involved expressions. 
Then we have: 

[7,x/xl=F(/(l7l)x[r|Sl). 

Proof. This follows by direct computation. □ 

Lemma 6.3. Assume P\A\B, P\A t< B\C, P\A' , a natural transformation g : A' ^ A, and 
t G Elem(C). Then for x' G J A': 

sp(t * F{g X B))r,' = sp(t)j7'(g)(a,/). 

Proof. This follows by direct computation. □ 

Proof of Thm. \ 6.1l The proofs of all subtheorems are intertwined in an induction on the 
typing derivations; in addition, the induction is intertwined with the proof of Thm. 17.11 

The case of an empty substitution 5 is trivial. For the remaining cases, assume 6 = 
xi/si, . . . ,Xn/sn and {p,a') G [F']]. Then applying the composition of substitutions, the 
semantics of substitutions, the induction hypothesis for terms, and the semantics of substi- 
tutions, respectively, yields: 

[7 o 5j {p, a') = [xi/7(5i), . . . , XnMsn)} {p, a') = (p, (n7(^i)l(p,«o).=i,..., J 
= (P, m^^\,lip,,))^=^,.J = m o l7l)(p,a') 
The cases for types are as follows: 

• a 7o: Using the definition of substitution and the semantics of application, we obtain: 

[[F'|7(a 7o)l = \T'\a (70 o 7)]] = [aj o [70 o 7J 
And similarly we obtain: 

[F|a7ol = Ho[7ol 
Then the needed equality follows from the induction hypothesis for 79. 
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• 1: Trivial. 

• Id{s,s'): This follows directly from the induction hypothesis for s and s'. 

• Tix:S T: This follows directly by combining the induction hypothesis as well as Lem. | 
and[01 

• Hx-.s T: This follows directly by combining the induction hypothesis as well as Lem. 14.71 
and[01 

For the cases of a term s, let us assume a fixed {p,a') G [F'] and (p, a) := |7](p, a')- Then 
we need to show 

• c: Clear because 7(c) = c. 

• x: Assume x occurs in position i in F, and let x/s be in 7. Further, assume a' = 
{a[, . . . , ajj) and a = (oi, . . . , a„). Then by the properties of substitutions: [F'|7(x)]^p = 

l^'\^l{p,a') = "-i- ^"^^ ^^^^^ *0 I[rkl(p,„)- 

• refl{s): Trivial. 

• *: Trivial. 

• (s, s'): Because 7((s, s')) = (7(5), 7(5')), this case follows immediately from the induction 
hypothesis. 

• ni{u) for i = 1,2: Because 7(7ri(s)) = 7rj(7(s)), this case follows immediately from the 
induction hypothesis. 

• Xx:S i- By the definition of substitution, the semantics of A-abstraction, the induction 
hypothesis, and Lem. 16.21 respectively, we obtain: 

r|7(A.:5t)l = nA.:-,(5)7"Wl =sp(r,x:7(S)|7^(t)l) 

= sp{lT,x:S\tj*t,x/xj) 

= sp([F,x:5|tl*F(/(l7l)x[r|51)). 

Furthermore, we have |F|Aa;:st] = spdF,^:^!^]). Then the result follows by using 
Lem. [Ol and ^(/(M)) = [7I. 

• f s: We evaluate both sides of the needed equation. Firstly, on the left-hand side, we 
obtain by the definition of substitution, the semantics of application, and the induction 
hypothesis, respectively: 

ri7(/ s)j = ri7(/) 7(s)l = am(r |7(/)1) * {assoc o F(|F'l7(s)l)) 

= am(lr[/l * H) * {assoc o F{lT\sj * H))- 

To compute the value at (p, a') of this indexed element, we first compute ([[r|s] * [7] )(p,a'), 
say we obtain b. Then we can compute am([[F|/] * [[7])(p,(o',fe)). Using the notation from 
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Lem. 14.91 the left-hand side evaluates to 

Secondly, on the right-hand side, we have by the semantics of application: 

[r|/ sj = am([r|/l) * {assoc o F([r|sl)). 

When computing the value at (p, a) of this indexed element, we obtain in a first step 
^Ml^lW (p,{a,b))- And evaluating further, this yields ([[r|/l(p „))(p,(0,fc)). 

Thus, the equality holds as needed. □ 



7. Soundness 

We have already mentioned the soundness result, which states that the interpretation takes 
the syntactic judgments for equality of terms and types to corresponding semantic judg- 
ments: 

Theorem 7.1 (Soundness). Assume a signature S, and a context T. If T 1-^ S = S' for 
two well-formed types S, S' , then in every T,-model: 

lT\Sj = lT\S'j G SST^^y 

And if T s = s' for two well-formed terms s, s' of type S, then in every T,-model: 

lT\sj = lT\s'jGElem{lT\Sj). 

Proof. The soundness is proved by induction over all derivations; the induction is inter- 
twined with the proof of Thm. [6Tl An instructive example is the rule etypmg- Its soundness 
states the following: If [r|s] G Elem([r|Sl) and [r|sl = |r|sl and lT\S} = lT\S'j, then 
also lr\s'j G Elem([r|5']]). And this clearly holds. 

Among the remaining rules for terms, the soundness of some rules is an immediate 
consequence of the semantics. These are: all rules from Fig. [5] except for tx and tapp, and 
from Fig. [6] the rules Cid-uniq, e*, e(_ _), e^^, e^rz, and Capp. 

The soundness of the rules tx and tapp follows by applying the semantics and Lem. 14.91 
That leaves the rules and Cfuncext, the soundness of which we will prove in detail. 

For ej3, we interpret (Xx-st) s by applying the definition: 

lr\{X^.,st) sj = am([r|A,.:5tI) * {assoc o F{lT\s})) 

= am(sp(|r,x:S|tl)) * (assoc o F(|r|sl)) 

am(sp([[r, X : S'|t]])) is equal to [[r,x:5|t] by Lem. IT9l Furthermore, we have t[x/s] = 7(i) 
where 7 = idr, x/s is a substitution from F, x : S" to F. And interpreting 7 yields [7]] (p, a) = 
{p, {a,m4 W ~ assoc o F(|F[s]). Therefore, using Thm. [6TT]for terms yields 

[F|t[x/s]l = lr,x:S\tj * (assoc oF([F|sl)), 

which concludes the soundness proof for e^. 

To understand the soundness of Cfuncext, let us look at the interpretations of / in the 
contexts F and T,y:S: 

am([F|/]) G Elem(lF,x:5|Tl), am([F, y : ) G Elem([F,y:S,x:5|rl). 
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Let 7 be the inclusion substitution from T to T,y : S. Then [7]] is the projection [F, y : 
S} — )■ |r]] mapping elements {p,{a,a)) to (p, a). Applying Thm. [6TT] yields for arbitrary 
(p,a) G |rl and a',a G [[r|5](p,a): 

am([[r,y:S'|/])(p_(„y^a)) = am(lrl/])(p^(„^„)). 

And we have 

[r,y:5|y](p^(^^„,)) = a', and F{lr,y:S\yj){p,{a,a')) = {p,{a,a'),a'). 
Putting these together yields 

lT,y:S\fyj = (am([r, y : ) * (assoc oF{lT,y:S\y}))) 
= am(lr,y:S'|/])(p^(o^a/^a/)) = am(|r|/]l)(p^(c,,a/)) 
Therefore, the induction hypothesis applied to T,y:S f y = f y yields 

am([r|/l) = am([r|/']). 

And then Lem. 14.91 yields 

ir|/l = irj/'i 

concluding the soundness proof for Cfuncext- 

Regarding the rules for types in Fig. [4] and Fig. [7l the soundness proofs are straightfor- 
ward. □ 



8. Completeness 

According to the propositions-as-types interpretation — also known as the Curry-Howard 
correspondence — a type S holds in a model if its interpretation \S\ is inhabited, i.e., the 
indexed set \S\ has an indexed element. A type is valid if it holds in all models. Then 
soundness implies: If there is a term s of type S in context F, then in every S-model there is 
an indexed element of PIS'], namely [[F|s]]. The converse is completeness: A type that has 
an indexed element in every model is inhabited. Observe that the presence of (extensional) 
identity types then implies also the completeness of the equational term calculus because 
two terms are equal iff the corresponding identity type is inhabited. 

The basic idea of the proof of completeness is to build the syntactic category, and then 
to construct a model out of it using categorical embedding theorems. 

Definition 8.1. A functor F : C — ?> P is called LCC if C is LCC and if F preserves 
that structure, i.e., F maps terminal object, products and exponentials in all slices C/A to 
corresponding structures in T>/F{A). An LCC functor is called an LCC embedding if it is 
injective on objects, full, and faithful. 

We make use of a theorem from topos theory due to Butz and Moerdijk ( |BM99] ) to 
establish the following central lemma. 

Lemma 8.2. For every LCC category C, there is a poset P and an LCC embedding E : 
C S£T^. 
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Proof. Clearly, the composition of LCC embeddings is an LCC embedding. We obtain 
E -.C —> S£T^ as a composite E30E20E1. Here Ei -.C —> S£T^°^ is the Yoneda embedding, 
which maps A ^ \C\ to Hom(— , A). This is well-known to be an LCC embedding. E2 maps 
a presheaf on C to a sheaf on a topological space S. E2 is the inverse image part of the 
spatial cover of the topos SET^"^ of presheaves on C. This construction rests on a general 
topos-theoretical result established in |BM99j . and we refer to |AwoOO| for the details of 
the construction of S, the definition of £'21 and the proof that E2 is an LCC embedding. 
Finally £'3 : sh{S) — )• SST^^^^ includes a sheaf on S into the category of presheaves on 
the poset 0{S) of open sets of S. That £^3 is an LCC embedding, can be verified directly. 
Finally, we put P := 0{S)°^ so that E becomes an LCC embedding into S£T^. □ 

Definition 8.3 (Term-Generated). A S-model / is called term-generated if for all closed 
S-types S and every indexed element e G Elem(|[-|S']]^), there is a S-term s of type S such 
that l-\sy = e. 

Theorem 8.4 (Model Existence). For every signature T,, there is a term- generated model 
I such that for all types F hs 5 : type 

Elem([F|5f ) / iff F hs s : 5 for some s, (8.1) 

and for all such terms T h^: s : S and T s' : S 

im' = lr\sf iff Thj^s^s'. (8.2) 

Proof. It is well known how to construct the syntactic category C from S and F ( |See84j ). 
The objects of C are given by the set of all types S such that S : type modulo the 
equivalence relation hs 5 = S'. We will write [S] for the equivalence class of S. 

The C-morphisms from [S] to [S'] are given by the terms / such that f : S ^ S' 
modulo the equivalence relation \—sf = f. We will write [/] for the equivalence class of /. 

It is straightforward to check that C is LCC (see, e.g., |See84j ). For example, the 
exponential //^ of two objects fi : Si ^ S and hs /2 : 5*2 — 5* in a slice C/[S] is given 
by 

A«:c/7ri(n) where U := T,^.s {^y^-Si Id{x, fi yi) ^ T^y^-s^ Id{x, f2 y2)) ■ 

By Lem. 18.21 there are a poset P and an LCC embedding E : C ^ S£T^ . From those, we 
construct the needed model / over P. Essentially, / arises by interpreting every term or 
type as its image under E. 

Firstly, assume a declaration c: S in S. Since C only uses types and function terms, 
E cannot in general be applied to c. But using the type 1, every term c of type S can be 
seen as the function term Xx-.ic of type 1 — > 5*. Therefore, we define E'{c) := £'([A^:ic]), 
which is an indexed element of E{[1 — ?• S]). Since Elem(£([l S])) and Elem(£([S'])) are 
in bijection, E'{c) induces an indexed element of £([5]), which we use to define \c\^ ■ 

Secondly, assume a declaration a : (Fo)type in E for Fq = a;i : Si, . . . : 5„. [aj^ 
must be an indexed set over [[Fq]]^. For the same reason as above, E cannot be applied 
directly to o. Instead, we use the type U := T^^-^^-.s^ • • • 5]a;„:5„ (o idro)- "^^^ fibration 
F{E{\U])) : J pE{U) — )• P factors canonically through [Fq]]^, from which we obtain the 
needed indexed set [aj^. 

That / is term-generated now follows directly from the fullness of E. Finally, the 
required property (|8.ip clearly follows from / being term-generated, and ()8.2p from the fact 
that E is faithful. □ 
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The fact that the model / just constructed is term-generated can be interpreted as 
functional completeness of the semantics: If a natural transformation of a certain type 
exists in every model, then it is syntactically definable. In more detail, let I be the model 
constructed in Thm. [87^1 and assume a natural transformation rj : l-\SY — )• [[-IS"]^ for some 
S-types S and S'. Then there exists a S-term / of type S ^ S' such that r] arises from l-\fY 
as follows. Put rj' := am(|{-|/]]^) G Elem([[x : S'|S"]]^). Then rj' maps pairs {p,a) to elements 
of lx:S\S'}^{p,a) = I-|5"]]^(p) for a € Then we obtain rj as, r]p : a ^ ri'{p,a). 

Theorem 8.5 (Completeness). For every signature S and any type T S : type, the 
following hold: 

(1) // in every Ti-model I we have 

Elem([r|5f ) / 0, 

then there is a term s with 

F hs s : 5. 

(2) For all terms T hi; s : 5 and P hs s' : S, i/ [[P|s]]^ = [P|s']^ holds for all Tj-models I, 
then T ]—£ s = s' . 

Proof. This follows immediately from Thm. 18. 4^ considering the term-generated model con- 
structed there. □ 

Finally, observe that in the presence of extensional identity types, statement ([T]) of 
Thm. [831 already implies statement ([2]): For all well- formed terms s, s' of type S, if [[P|s]] = 
[[P|s'] in all S-models, then [[r|/d(s, s')} always has an element, and so there must be a term 
F hs t : Id{s,s'), whence F hs s = s' . An analogous result for types is more complicated 
and remains future work. 

9. Conclusion and Future Work 

We have presented a concrete and intuitive semantics for MLTT in terms of indexed sets on 
posets. And we have shown soundness and completeness. Our semantics is essentially that 
proposed by Lawvere in |Law69| in the hyperdoctrine of posets, fibrations, and indexed 
sets on posets, but we have made particular choices for which the models are coherent. 
Our models use standard function spaces, and substitution has a very simple interpretation 
as composition. The same holds in the simply-typed case, which makes our models an 
interesting alternative to (non-standard) Henkin models. In both cases, we strengthen the 
existing completeness results by restricting the class of models. 

We assume that the completeness result can still be strengthened somewhat further, 
e.g., to permit equality axioms between types. In addition, it is an open problem to find an 
elementary completeness proof, i.e., one that does not rely on topos-theoretical results. 
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